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PATENT 

AMENDMENTS TO THE CUIIMS 

!• (previously presented) A method for preventing malicious 
network attacks said method comprising: 

receiving a packet from a client computer; 

identifying the client computer by a source IP address; 

calculating a number of packets received using the source 
IP address during a time interval; 

comparing the number of packets received with one or more 
configuration settings; 

determining an action from a plurality of actions based 
on the comparing; and 

executing the action. 

2. (Canceled) 

3. (previously presented) The method as described in claim 1 
wherein the calculating further includes: 

identifying a client data area based on the source IP 
address, the client data area including the number of 
packets received; and 

incrementing the number of packets received • 

4. (Canceled) 

5. (Original) The method described in claim 1 further 
comprising: 

receiving a socket request from the client computer; 
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determining a number of sockets opened for the client 
computer; 

comparing the number of sockets opened to a socket limit; 
and 

determining whether to allow a socket request based on 
the comparison. 

6. (Canceled) 

?• (previously presented) The method described in claim 1 
further comprising : 

providing a test script, the test script including one or 
more attack simulations; 

processing the attack simulations included in the test 
script; 

determining whether to change one or more of the 
configuration settings based on the processing; and 

changing one or more of the configuration settings based 
on the determination, 

8. (previously presented) An information handling system 
comprising: 

one or more processors; 

a memory accessible by the processors; 

one or more nonvolatile storage devices accessible by the 
processors; 

a network interface for receiving packets from a computer 
network; and 
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an a packet handling tool to manage packets received from 
the network interface, the packet handling tool 
including: 

means for receiving a packet from a client computer 
through the network interface; 

means for identifying the client computer by a source IP 
address ; 

means for calculating a number of packets received using 
the source IP address during a time interval? 

means for comparing the number of packets received with 
one or more configuration settings; 

means for determining an action from a plurality of 
actions based on the comparing; and 

means for executing the action. 

9. (Canceled) 

10 ♦ (previously presented) The information handling system as 
described in claim 8 wherein the means for calculating 
further includes: 

means for identifying a client data area based on the 
source IP address, the client data area including the 
number of packets received; and 

means for incrementing the number of packets received. 

11. (Original) The information handling system as described 
in claim 8 further comprising: 

means for receiving a socket request from the client 
computer; 
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means for determining a number of sockets opened for the 
client computer; 

means for comparing the number of sockets opened to a 
socket limit; and 

means for determining whether to allow a socket request 
based on the comparison* 

12. (Canceled) 

13. (previously presented) The information handling system as 
described in claim 8 further comprising: 

means for providing a test script^ the test script 
including one or more attack simulations; 

means for processing the attack simulations included in 
the test script; 

means for determining whether to change one or more of 
the configuration settings based on the processing; and 

means for changing one or more of the configuration 
settings based on the determination 

14. (previously presented) A computer program product for 
preventing malicious network attacks, said computer 
program product comprising: 

means for receiving a packet from a client computer; 

means for identifying the client computer by a source IP 
address ; 

means for calculating a number of packets received using 
the source IP address during a time interval; 
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means for comparing the number of packets received with 
one or more configuration settings; 

means for determining an action from a plurality of 
actions based on the comparing ; and 

means for executing the action . 

15. (Canceled) 

16. (previously presented) The computer program product as 
described in claim 14 wherein the calculating further 
includes : 

means for identifying a client data area based on the 
source IP address, the client data area including the 
number of packets received; and 

means for incrementing the number of packets received. 

17. (Canceled) 

18. (Original) The computer program product described in 
claim 14 further comprising: 

means for receiving a socket request from the client 
computer ; 

means for determining a number of sockets opened for the 
client computer; 

means for comparing the number of sockets opened to a 
socket limit; and 

means for determining whether to allow a socket request 
based on the comparison. 

19. (Canceled) 
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20. (previously presented) The computer program product 
described in claim 18 further comprising: 

means for providing a test script, the test script 
including one or more attack simulations; 

means for processing the attack simulations included in 
the test script; 

means for determining whether to change one or more of 
the configuration settings based on the processing; and 

means for changing one or more of the configuration 
settings based on the determination. 

21. (previously presented) The method of claim 1 wherein the 
configuration settings include a first limit and a second 
limit, the method further comprising: 

determining that the number of packets exceeds the first 
limit; 

sending a notification in response to determining that 
the number of packets exceeds the first limit; 

receiving a subsequent packet from the client computer; 

incrementing the number of packets in response to 
receiving the subsequent packet; 

determining that the incremented number of packets 
exceeds the second limit; and 

rejecting the subsequent packet in response to 
determining that the incremented number of packets 
exceeds the second limit. 
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22. (previously presented) The method of claim 1 wherein the 
configuration settings include a historical usage 
corresponding to the client computer, the method further 
comprising: 

determining that the number of packets is higher than the 
historical usage; and 

sending a notification in response to determining that 
the number of packets is higher than the historical 
usage . 

23. (previously presented) The information handling system of 
claim 8 wherein the configuration settings include a 
first limit and a second limit, the information handling 
system further comprising: 

means for determining that the number of packets exceeds 
the first limit; 

means for sending a notification in response to 
determining that the number of packets exceeds the first 
limit; 

means for receiving a subsequent packet over the network 
interface from the client computer; 

means for incrementing the number of packets in response 
to receiving the subsequent packet; 

means for determining that the incremented number of 
packets exceeds the second limit; and 

means for rejecting the subsequent packet in response to 
determining that the incremented number of packets 
exceeds the second limit. 
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24. (previously presented) The information handling system of 
claim 8 wherein the configuration settings include a 
historical usage corresponding to the client computer, 
the information handling system further comprising t 
means for determining that the number of packets is 
higher than the historical usage; and 

means for sending a notification in response to 
determining that the number of packets is higher than the 
historical usage. 

25. (previously presented) The computer program product of 
claim 14 wherein the configuration settings include a 
first limit and a second limit, the computer program 
product further comprising: 

means for determining that the number of packets exceeds 
the first limit; 

means for sending a notification in response to 
determining that the number of packets exceeds the first 
limit; 

means for receiving a subsequent packet from the client 
computer; 

means for incrementing the number of packets in response 
to receiving the subsequent packet; 

means for determining that the incremented number of 
packets exceeds the second limit; and 

means for rejecting the subsequent packet in response to 
determining that the incremented number of packets 
exceeds the second limit* 
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26. (previously presented) The computer program product of 
claim 14 wherein the configuration settings include a 
historical usage corresponding to the client computer, 
the computer program product further comprising: 
means for determining that the number of packets is 
higher than the historical usage; and 
means for sending a notification in response to 
determining that the number of packets is higher than the 
historical usage. 



27 (New) A method for preventing malicious network attacks 

on a server computer from a client computer that accesses 
the server computer via a computer network, said method 
comprising: 

executing a test script that includes one or more attack 
simulations from the client computer, the execution of 
the test script including: 

receiving, at the server computer, one or more 
packets from the client computer and one or more 
open socket requests from the client computer; 

deciding a packet threshold for the client computer, 
the deciding including: 

determining a number of packets received from 
the client computer during a time interval; 

incrementing the number of packets received 
from the client computer; and 

comparing the number of packets received with a 
packet limit stored at the server computer; 
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computing an open socket threshold for the client 
computer, the computing including: 

determining a number of opened sockets for the 
client computer; 

incrementing the number of opened sockets for 
the client computer; 

comparing the number of sockets opened for the 
client computer to a socket limit stored at the 
server computer; and 

evaluating the packet limit and the socket limit 
used during the attack simulations , the evaluating 
including: 

analyzing the performance of the server 
computer during the simulation; and 
adjusting a server configuration setting based 
on the analysis, wherein the adjusted server 
configuration setting is selected from a group 
consisting the stored packet limit and the 
stored socket limit - 
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